Alternate admin user partial permissions

rb_it_pf

Problem: I have created two additional local pfSense users and assigned them to the default 'admin' group. Signing into either of these users, I am unable to define LDAP servers, or import certs. The GUI allows me to navigate to these pages and start plugging the settings, but the page forms aren't submitting/saving.

The only user that seems to be able to do anything is the default admin, which I would like to disable in place of these new, alternate admin users.

I am running pfSense 2.4.4-RELEASE-p3 (amd64) on a Netgate XG-2758. I am also observing the following on another unit, Netgate SG-4860.

jimp

Which groups specifically are these users a member of?
Did you edit those groups yourself?

If they cannot save settings, somehow they likely have the Deny Config Write privilege selected. The usual way that happens is when an admin accidentally does a select-all on the privilege list without considering what's actually in the list.

rb_it_pf

Thanks Jim. These alternate users are only members of the default 'admin' group with the scope of 'system'.
The current Assigned Privilege for this group is: WebCfg - All pages. Security Notice: users in this group efectively have administrator-level access.

You are likely right about the action 'The usual way that happens is when an admin accidentally does a select-all on the privilege list without considering what's actually in the list.' I think that I had messed with the privileges at some point. Is there a way to return this default group's privileges to default?

Thanks.

rb_it_pf

Hi Jim,
Applying this patch fixed the issue: https://github.com/pfsense/pfsense/commit/b9ed452dbba4689e6280efa7f503e30809a3d8e4.patch
Thanks.